Security and Compliance Engineer

Standort:

• Berga-Wünschendorf Secunet Jetzt bewerben

Zusammenfassung

• Arbeitszeit: Vollzeit
• Typ: Festanstellung
• Qualifikationslevel: Spezialisierungsformen und Funktionen

Gewünschte Fähigkeiten & Kenntnisse

Kubernetes, Network, Security, Compliance, Cloud, Rust, CAN, Übersetzungssoftware, Mobile App, MS Access, OpenStack, Python, SAFe, Grafana, Security Automation, GitLab, Go, Support, Continuous Integration, Policy, Engineering, Flexibilität

Unsere Leistungen

Homeoffice

Stellenbeschreibung

Ihre Aufgaben

We're building a modern Internal Developer Platform (IDP) to enable secure, scalable, and efficient software delivery - and security & compliance is a first-class concern from day one.

As Security and Compliance Engineer in our Platform team, you'll be responsible for designing, implementing, and evolving the security architecture of our IDP. Your focus will be on embedding security into the entire Software Development Lifecycle (SSDLC), enabling secure-by-default development practices, and advancing our Zero Trust approach across infrastructure, tooling, and pipelines.

You'll collaborate closely with platform, infrastructure, compliance and application teams to ensure that security and regulatory is not a bottleneck - but an enabler for safe, fast, and autonomous development.

Our Stack & Environment

We're building a secure, reproducible, and developer-friendly platform based on:

• Nix / NixOS - declarative, reproducible system configuration
• Rust - used for backend tooling
• Terraform - Infrastructure as Code
• GitLab - CI/CD and code lifecycle management
• OpenStack
• Kubernetes
• GitOps - our runtime and delivery foundation
• OpenTelemetry
• Grafana Stack (LGTM) - observability
• Policy-as-code, Secrets Automation, and Security-as-Code everywhere

What You'll Do

• Design and implement security architecture for our Internal Developer Platform
• Drive adoption of Zero Trust principles across platform components, networks, identities, and services
• Embed security and compliance into the SSDLC: from code scanning, SBOM generation, and policy-as-code, to runtime and product hardening
• Develop and enforce security automation, compliance checks, and guardrails as part of CI/CD pipelines and infrastructure-as-code
• Support the implementation of fine-grained IAM, secrets management, and secure service-to-service communication
• Collaborate with developers and platform engineers to design secure golden paths and self-service tooling
• Define, track, and report on key security metrics, risk levels, and compliance posture
• Stay on top of emerging threats, vulnerabilities, and security best practices - and translate them into actionable improvements

Ihr Profil

• Several years of experience in Security Engineering, Platform Security & Compliance, or DevSecOps
• Strong understanding of cloud-native architectures, container security, and security automation as well as regulatory requirements
• Hands-on experience with CI/CD pipelines, infrastructure-as-code, and Kubernetes security
• Familiarity with Zero Trust Architecture, including identity-based access, service mesh, and network segmentation
• Hands-on experience with tools such as Policy-as-code engines (e.g. OPA/Gatekeeper, Conftest)
• Knowledge of modern software supply chain security - e.g., SBOMs, SLSA, Sigstore, SAST/DAST
• Experience with secrets management (Vault, Sealed Secrets, External Secrets), policy engines (OPA/Gatekeeper), and observability tooling
• Coding/scripting ability in Python, Go, or Rust is a plus
• Clear communication skills and a collaborative mindset - you can work across teams and disciplines

Wir bieten Ihnen

• A unique opportunity to shape platform security from the ground up
• Full ownership and real impact in a technically ambitious environment
• A strong focus on automation, reproducibility, and secure-by-default engineering
• Collaboration with experienced platform and product engineers
• Remote work options, flexible hours, and modern tools

Profil

Fachliche Voraussetzung

Automatisierung, Backend, Code-Review, Devsecops, Dynamic Application Security Testing, Grafana, Identitätsmanagement, Informationssicherheit, Infrastruktur, Kubernetes, Kubernetes-Sicherheit, Lifecycle Management, Metriken, Montage und Demontage, Netzwerk-Segmentierung, Openstack, Python, Regulatorischen Anforderungen, Reproduzierbarkeit, Risikoanalyse, Scripting, Sicherheit Verwaltung, Sicherheitsbestimmungen, Sicherheitstechnik, Softwareentwicklung, Static Application Security Testing, Supply Chain Management, Systemkonfiguration, Terraform, Vulnerabilität, Zero Trust Network Access

Persönliche Fähigkeiten

Freundlichkeit, Kommunikation

Bewerbung

Jetzt bewerben

Branche:

Unternehmensdienstleistungen

Arbeitgeber:

Secunet

Adresse:

Secunet Europaring 5 a 40878 Ratingen